OSPF Problem 2811 to ASA

[primeaum]

I am not sure which forum to post this in but here goes...I'm having a problem getting OSPF to work between an ASA5505 and a Cisco 2811 Router. I know that OSPF works on the router as it picks up the neighbors over a point to point and VPN tunnels. It will not pick up the 5505 though. They are all Area 0 BTW.Here is how it is connected: 5505 - Inside goes to 2970 Switch - Goes to 2811 Router. Is the switch blocking OSPF from working? I have the exact same setup at several other locations but I'm not using the same switches at those. Let me know what other information you may need to help me troubleshoot this.thanks in advance everyone!

 

[burtsbees]

So I take it the ASA and the router are NOT in the same subnet? If not, why? They are plugged into a layer 2 switch...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[vipergg]

The switch will not block anything. Make sure the connecting link is in the same subnet , you have the correct network statements on each end under ospf and also make sure you do not have passive interface default on those connecting links .

 

[primeaum]

They are both on the same subnet. The interfaces are not set to passive on either device.

Here is the OSPF setup on the ASA:
router ospf 22
router-id 10.128.36.2
network 10.128.36.0 255.255.255.0 area 0
area 0
log-adj-changes
default-information originate always metric 1

and here is the Router:
router ospf 22
log-adjacency-changes
network 10.128.36.0 0.0.3.255 area 0
network 192.168.0.16 0.0.0.3 area 0
network 192.168.0.92 0.0.0.3 area 0
network 192.168.0.96 0.0.0.3 area 0
network 192.168.8.128 0.0.0.127 area 0


The router is seeing all of the other networks correctly.
thanks
mark

 

[unclerico]

your wildcard on the ASA is incorrect. it needs to be 0.0.0.255

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[primeaum]

I picked it from the drop down list in the ASDM for the ASA. I thouht it was wrong too. let me see if i can change it in the CLI.
thanks

 

[primeaum]

Looks like the ASA wants it the way I had it...won't take the other command.
ERROR: OSPF: Invalid address/mask combination (discontiguous mask)

 

[burtsbees]

Yeah---the ASA is like that, no wildcard.

You don't need OSPF for the two devices on the same subnet to see each other. They are directly connected. Any routing protocol writes routes into the routing table according to subnets and networks, not host addresses. You may see the network 10.128.36.0 in both as directly connected. Please post a sh ip route.

Can they ping eachother? Can you post a config of the ASA, and let us know what ports everything is plugged into on the switch? Also, a config of the router and the switch? And sh ip route from all devices...

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[primeaum]

I finally figured it out...the subnet mask wasn't the same on both the ASA and the router's IP addresses. I didn't realize that they needed to be the same in order for OSPF to work?
thanks for everyone's help.